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Abstract. We give a deterministic polynomial-time algorithm to check whether the Galois group 
Gal (/) of an input polynomial f(X) £ Q[X] is nilpotent: the running time is polynomial in size(/). 
Also, we generalize the Landau-Miller solvability test to an algorithm that tests if Gal (/) is in 7^: this 
algorithm runs in time polynomial in size (/) and n d and, moreover, if Gal (/) 6 7^ it computes all the 
prime factors of #Gal(/). 

1 Introduction 

Computing the Galois group of a polynomial is a fundamental problem in algorithmic number 
theory. Asymptotically, the best known algorithm is due to Landau [3]: on input f(X), it takes 
time polynomial in size (/) and the order of its Galois group Gal (_/"). If f{X) has degree n then 
Gal (/) can have n! elements. Thus, Landau's algorithm takes time exponential in input size. It is 
a long standing open problem if there is an asymptotically faster algorithm for computing Gal (/). 
Lenstra's survey [6] discusses this and related problems. 

A different kind of problem is to test for a given f(x) if Gal (/) satisfies a specific property 
without explicitly computing it. Galois's seminal work showing f(X) is solvable by radicals if and 
only if Gal (/) is solvable is a classic example. Landau and Miller [4] gave a remarkable polynomial- 
time algorithm for testing solvability of the Galois group without computing the Galois group. 

1.1 The results of this article 

Our main result is a deterministic polynomial-time algorithm for testing if Gal (/) is nilpotent. 
Although nilpotent groups are a proper subclass of solvable groups, the Landau-Miller solvability 
test does not give a nilpotence test. Basically, the Landau-Miller test is a method of testing that 
all composition factors of Gal (/) are abelian, which tests solvability. Nilpotence however is a more 
"global" property, in the sense that it cannot be inferred by properties of the composition factors 
alone. 

We note here that nilpotence testing of Galois groups has been addressed by other researchers 
with the goal of developing good practical algorithms. For example in [2] an algorithm for nilpotence 
testing is given which takes time polynomial in size (/) and #Gal(/). However, ours is the first 
algorithm that is provably polynomial time, i.e. runs in time polynomial in size (/), on all inputs. 

* * * work done when the author was a PhD student at the Institute of Mathematical Sciences, Chennai. 



Next, we show that the Landau-Miller solvability test can be extended to a polynomial-time 
algorithm for checking, given / G Q[A], if Gal (/) is in Td for constant d. A group G is in if 
there is a composition series G = Gq D> . . . > Gt = {1} such that each nonabelian composition 
factor Gj/Gj+i is isomorphic to a subgroup of Sd- The class often arises in permutation group 
algorithms (see e.g. [7]). Moreover, if Gal (/) <G i^, the prime factors of #Gal(/) can be found in 
polynomial time. 

1.2 Galois theory overview 

We quickly recall some Galois theory (see, e.g. [5] for details). Let L and A be fields. If L D A, we 
say that L is an extension of A and denote it by L/K. If L/K then L is a vector space over A and 
by the degree of L/K, denoted by [L : K], we mean its dimension. An extension L/K is finite if its 
degree [L : K] is finite. If L/M and M/K are finite extensions then [L : K] = [L : M].[M : K]. The 
polynomial ring A [A] is a unique factorisation domain: every polynomial can be uniquely (upto 
scalars) written as a product of irreducible polynomials. Let L/K be an extension. An a G L is 
algebraic over K if f(ot) = for some /(A) G K[X]. For a algebraic over K, the minimal polynomial 
of a over K is the unique monic polynomial /i a [A](A) of least degree in if [A] for which a is a 
root. We write /i a (A) for /i a [A](A) when K is understood. Elements a, (3 G L are conjugates over 
K if they have the same minimal polynomial over K. The smallest subfield of L containing K and 
a is denoted by K(a). 

The splitting field Kf of / G K[X] is the smallest extension of K containing all the roots of 
/. A finite extension L/K is normal if for all irreducible polynomials /(A) € A[A], either /(A) 
splits or has no root in L. Any normal extension over K is the splitting field of some polynomial 
in A[A]. An extension L/K is separable if for all irreducible polynomials /(A) G A[A] there are 
no multiple roots in L. A normal and separable finite extension L/K is a Galois extension. 

The Galois group Gal(L/A) of L/A is the subgroup of automorphisms c of L that leaves A 
fixed, i.e. a(a) = a for all a G A. The Galois group Gal (/) of / G A[A] is Gal(A//A). For a 
subgroup G of automorphisms of L, the /ixed /ieZc/ L G is the largest subfield of L fixed by G. We 
now state the fundamental theorem of Galois. 

Theorem 1. [5, Theorem 1.1, Chapter VI] Let L/K be a Galois extension with Galois group G. 
There is a one-to-one correspondence between sub fields E of L containing K and subgroups H of 
G, given by E ^ L H . The Galois group of Gal (L/E) is H and E/K is a Galois extension if and 
only if H is a normal subgroup of G. If H is a normal subgroup of G and E = L H then Gal (E/K) 
is isomorphic to the quotient group G/H. 

1.3 Presenting algebraic numbers, number fields and Galois groups 

The algorithms we describe take objects like algebraic numbers, number fields etc. as input. We 
define sizes of these objects. Integers are encoded in binary. A rational r is given by coprime integers 
a, b such that r = a/b. Thus, size (r) is size (a) + size (b). A polynomial T(A) = ao + . . . + a n X n G 
Q[A] is given by a list of its coefficients. Thus, size (T) is defined as Yl s ^ ze ( a i)- 

A number field is a finite extension of Q. Let A/Q be a number field of degree n. By the 
primitive element theorem [5, Theorem 4.6, Chapter V], there is an algebraic number rj G K 
such that K = Q(?7). Such an element is a primitive element of A/Q and its minimal polynomial 
is a primitive polynomial. Let /ir/(A) be the minimal polynomial of rj over Q. Then the field A 
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can be written as the quotient K = Q[X]/ ^(X). Thus K can be presented by giving a primitive 
polynomial for K/Q. We can assume that 77 is an algebraic integer and hence its minimal polynomial 
pir){X) has integer coefficients [5, Proposition 1.1, Chapter VII]. When we say that an algorithm 
takes a number field K as input we mean that it takes a primitive polynomial fi v (X) for K as 
input. Thus the input size for K, which we denote by size (K), is defined to be size (fi v )- 

Suppose K = Q(r/) is presented by fi v (X). Notice that each a G K can be expressed as 
a = A a (rj) for a unique polynomial A a (X) G Q[X] of degree less than n. By size (a) we mean 
size (A a (X)). Note that the size of a £ A - depends on the primitive element 77 G K. Now, for a 
polynomial f(X) = clq + . . . + a m X m in K [X] we define size (/) to be J2 s ^ ze ( a «)- 

Let f(X) G Q[X] of degree n. For an algorithm purporting to compute Gal(/), one possibility 
is that it outputs the complete multiplication table for Gal (/). However, this could be exponential 
in size (/) as Gal (/) can be as large as n!. A succinct presentation of Gal (/) is as a permutation 
group acting on the roots of / since elements of Gal (/) permute the roots of / and are completely 
determined by their action on the roots of /. Thus, by numbering the roots of /, we can consider 
Gal (/) as a subgroup of the symmetric group S n (note here that Gal (/) is determined only up to 
conjugacy as the numbering of the roots is arbitrary). Since any subgroup of S n has a generator 
set of size n — 1 (see e.g. [8]), we can present Gal (/) in size polynomial in n. Thus, by computing 
Gal (/) we mean finding a small generator set for it as a subgroup of S n . Determining Gal (/) as a 
subgroup of S n is a reasonable way of describing the output. Algorithmically, we can answer several 
natural questions about a subgroup G of S n given by generator set in polynomial time. E.g. testing 
if G is solvable, finding a composition series for G etc. [8]. 

Previous complexity results As mentioned, the best known algorithm for computing the Galois 
group of a polynomial is due to Landau [3]. 

Theorem 2 (Landau). There is a deterministic algorithm that takes as input a number field K, 
a polynomial f(X) G K[X] and a positive integer b in unary, and in time bounded by size (/), 
size (if) and b, decides if Gal (Kf/K) has at most b elements, and if so computes Gal (Kf/K) by 
finding the entire multiplication table of Gal (Kf/K) (and hence also by giving the generating set 
of Gal (Kf/K) as a permutation group on the roots of f(X)). 

The algorithm first computes a primitive element 9 of Kf. Determining Gal (/) amounts to 
finding the action of the automorphisms on 9. Subsequently, Landau and Miller [4] gave their 
polynomial-time solvability test. 

Theorem 3 (Landau-Miller). Given f(X) G Q[X] there is a deterministic polynomial-time al- 
gorithm for testing if Gal (/) is solvable. 

2 Preliminaries 

We recall some permutation group theory from Wielandt's book [9]. Let ft be a finite set. The 
symmetric group Sym (ft) is the group of all permutations on ft. By a permutation group on ft we 
mean a subgroup of Sym (ft). For a G ft and g G Sym (ft), let a 9 denote the image of a under the 
permutation g. For A C Sym (ft), a A denotes the set {a 9 : g G A}. In particular, for G < Sym (ft) 
the G-orbit containing a is a G . The G-orbits form a partition of ft. Given G < Sjm(ft) by a 
generating set A and a £ ft, there is a polynomial-time algorithm to compute a G [8]. 
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For A C 17 and g G Sym (17), Z\ s denotes {a 9 : a G Z\}. The setwise stabilizer of Z\, i.e. 
{j £ G : Z\ 9 = Z\}, is denoted by Ga- If A is the singleton set {a} we write G Q instead of G{ a y. 
For any Z\ by G\ A we mean G^\ restricted to A. An often used result is the orbit-stabilizer formula 
stated below [9, Theorem 3.2]. 

Theorem 4 (Orbit-stabilizer formula). Let G be a permutation group on Sym (12) and let a 
be any element of 17 then the order of the group G is given by #G = #G a .#a G . 

A permutation group G on 17 is transitive if there is a single G-orbit. Suppose G < Sym (17) is 
transitive. Then A C 17 is a G-block if for all g £ G either Z\ 9 = Z\ or Z\ 9 n A = 0. For every G, I? 
is a block and each singleton {a} is a block. These are the trivial blocks of G. A transitive group G 
is primitive if it has only trivial blocks and it is imprimitive if it has nontrivial blocks. A G-block 
A is a maximal subblock of a G-block 27 if Z\ C 27 and there is no G-block T such that Z\ C T C 17. 
Let A and 17 be two G-blocks. A chain A = Aq C . . . C At = 17 is a maximal chain of G-blocks 
between A and 27 if for all i, Ai is a maximal subblock of Ai + \. 

For a G-block Z\ and g e G, A 9 is also a G-block such that #A = #A 9 . Let A and 17 be two 
G-blocks such that A C 27. The A-block system of 27, is the collection 



B (27/zA) = {Z\ 9 : (7 G G and Z\ s C 27}. 



The set B (27 /Z\) is a partition of 17. It follows that #A divides #27 and by index of Z\ in 27, which 
we denote by [27 : A], we mean #B(£/A) = |f . We will use B (A) to denote B{Q/A). We state 
the connection between blocks and subgroups [9, Theorem 7.5]. 

Theorem 5 (Galois correspondence of blocks). LetG < Sym (J?) be transitive and a £ 17. For 

G > H > G a the orbit A = a H is a G-block and Ga = H. The correspondence a H = A ^ Ga = H 
is a one-to-one correspondence between G-blocks A containing a and subgroups H of G containing 
G a . Furthermore for G-blocks A C 27 we have [Gs : Ga] = [27 : A]. 

Let G < Sym (17) be transitive and A and 17 be two G-blocks such that A C 27. Let G(ZJ/A) 
denote the group {(/ G G : T s = T for all T G B(27/^)}. We write G^ for the group G{Q/A). 
For any g G Gj;, since # setwise stabilises 27, g permutes the elements of B{E/A). Hence for any 
T G B (E/A) we have T^ lGi - E / A ^ = T. Thus, G (27/Z\) is a normal subgroup of G E . In particular, 
G A is a normal subgroup of G. 

Remark. The following two lemmata are quite standard in permutation group theory. For the 
reader's convenience we have included short proofs. The following lemma lists important properties 
of G A . 



Lemma 1. 



1. For a G-block A C 17, G (E/A) is the largest normal subgroup of Gs contained in Ga- 

2. Let 17 be G-block then G s ^ YlreB(S) <^lr- 

3. Let A be a G-subblock of 27 then G ^j^ is a faithful permutation group on B(E/A) and is 
primitive when A is a maximal subblock. 

4- The quotient group G L ' jG A can be embedded as a subgroup of ( n(% s /A) ) f or some I- 
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Proof. Let N C Ga be a normal subgroup of Gjj. Since A N = Z\, and since Gx? acts transitively 
on B(S/A), for any T G B(S/A) there is a 3 G G r such that T = Therefore, = = 
Z\^s = T for each T G B (27/^). Thus iV C G {E/A). Since G (U/A) > G r we have proved part 1. 

Part 2 directly follows from the definition of G s . Part 3 follows from the fact that g,h G Gx 
have the same action on B (U/A) precisely when gG (U/A) = hG (U/A). The nontrivial G ^f/A) ' 
blocks of B(U/A) are in 1-1 correspondence with the G-blocks properly between A and U. Thus, 
G(z§A) * s P r i m iti ve if an d on ly if A is a maximal subblock of U. 

For Part 4 notice that we have the group isomorphism 

G\ r ^ G r 



G(T/A T )\ T G{T/A Y y 
for each T G B (U). As G A = G E n U G {T/A T )\ Y we have 

7 11 G (T/A T )\ r 11 G(rM r )" 



Let g G G such that Z\ 9 = Z\ r . Then, G T = g~ l G E g and G (Y/A T ) = g~ 1 G(U/A)g. Thus, 
and c(y Ta \ are isomorphic, which implies that G E jG A is isomorphic to a subgroup of 



G(i7/Z\) ^ G(T/Zi r ) 

I — S-tt 1 for some I. 



\G(E/A) 

Lemma 2. Zei G < Sym(i?) 6e transitive and N <G. Let a G fi. Then the N -orbit a N is a 
G-block and the collection of N -orbits is an a N -block system of fi under G action. If N ^ {1} then 
\\a N \\ > 1. Furthermore, if G a < N / G then the a N -block system is nontrivial implying that G is 
not primitive. 

Proof. Let a G fi and g G G. Then (a N y = a N 9 = a^ N = ( a 9) N . Thus (a N )9 and a N are iV-orbits, 
and hence are identical or disjoint. Thus, a N is a G-block and the iV-orbits form a block system. 
Clearly, if a N = {a} then N = {1}. Finally, by the Orbit-Stabilizer formula #G = #fi • #G a and 
#AT = #a w • #G a . Thus, if {1} 7^ N ^ G then a w is a proper G-block. 



3 Nilpotence testing for Galois groups 

First we recall crucial properties of nilpotent transitive permutation groups. These are standard 
group theoretic facts that we assemble together and, for the sake of completeness, provide proof 
sketches where necessary. We start with a characterization of finite nilpotent groups. Let G be a 
finite group and p±, . . . ,p^ be the prime factors of #G. For each i, let G Pi be a pj-Sylow subgroup of 
G. Then G is nilpotent if and only if G is the (internal) direct product G Pl x . . . x G Pk . Consequently, 
G p . is the unique pj-Sylow subgroup of G for each i and hence G Pi <\ G. 

Lemma 3. Let G < Sym (fi) be transitive and nilpotent, and p be any prime. Then 

(1) The prime p divides #G if and only if p divides #fi. 

(2) If p \ #G and a G fi then there is a block Up containing a such that jfU^ is the highest power 
of p that divides #fi. 

(3) Let A be any G-block containing a such that ffA = p l and suppose p divides ffG. Then A C Up. 
Also, for q 7^ p, the q-Sylow subgroup of Ga is given by G q (~l Ga = G q (~l G a . 
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Proof. Part (1): As G is transitive, fffi divides #G. Hence, each prime factor of f^fi divides ffG. 
Let p be a prime factor of #G. For a £ i2, let = a Gp . Since G p is transitive on Z 1 " , it follows 
from the Orbit-Stabilizer formula that f^Eg divides #G P . Hence f^Eg is p l for some I. Since G p <lG, 
by Lemma 2 it follows that its orbit Eg is a nontrivial G-block. Hence if Eg = p l for some / > 0. 
Since p divides the cardinality of a G-block Eg, p divides fffi. 

Part (2): From the Galois correspondence of G-blocks (Theorem 5) we have [fi : Eg] = [G : 
Ge&\- Notice that p is not a factor of [G : G p ] as G p is the p-Sylow subgroup of G. Since G p < Gx^ 
it follows that p is not a factor of [G : G^a]. Hence p is not a factor of [fi : Eg]. 

Part (3): notice that Ga is a nilpotent group with the unique normal g-Sylow subgroup G^nG^. 
Thus, G A = W q {G q n Ga)- By Theorem 5) we have 

#^ = [G 4 :Gj=I][G ? nG 4 :G 9 na (1) 

Since G g nG^ is a g-group, p divides [G g nG^ : G q nG a ] if and only if q = p. However, in Equation 1, 
#A is a power of p. This forces [G q CiGa ■ G q nG a ] = 1 for all q ^ p. Thus G g n Ga = G q n G« 
for qi^p. Therefore, G^ is the product group G v fl Ga x Elg^p G q PiG a - Since G^a contains both 
G p and G Q we have G^a > G^. Thus, Z\ is a G-subblock of Eg. 

We recall a result about permutation p-groups (see e.g. Luks [7, Lemma 1.1]). 

Lemma 4. Let G < Sym (I?) be a transitive p-group and A be a maximal G-block. Then [fi : A] = p 
and Ga = G (fi/A) = G A is a normal group of index p in G. 

The next lemma is an easy consequence of Lemma 4 and it states a useful property of permu- 
tation p-groups. 

Lemma 5. Let H < Sym (J?) be a transitive p-group and a G fi. Let {a} = Aq C . . . C A t = fi 
be any maximal chain of H -blocks. Then 

1. [A i+ i : Ai] = p for all <i <t. 

2. H(Ai + i/Ai) = Ha z - Hence, Ha 1 < Ha 1+1 and the quotient HA l+1 /HAi is cyclic of order p. 

Continuing with the notation of Lemma 3, we characterize nilpotent transitive permutation 
groups by properties of maximal chains of G-blocks between {a} and Eg. This turns out to be 
crucial for our polynomial-time nilpotence test. This characterization is probably well-known to 
group theorists. However, as we haven't seen it anywhere, we include a proof. 

Theorem 6. Let G < Sym (fi) be a transitive permutation group satisfying properties (1) and (2) 
of Lemma 3 (which are necessary conditions for nilpotence of G). Fix an a £ fi. The following 
statements are equivalent. 

(1) G is nilpotent. 

(2) For each prime factor p of #G, every maximal chain of G-blocks {a} = A$ C . . . C A m = Eg 
has the property that [Ai + \ : Ai] = p, GAi is a normal subgroup of GA i+1 , and p does not divide 
the order of G/G Am . 

(3) For each prime p dividing ffG, there is a maximal chain of G-blocks {a} = Aq C . . . C A m = Eg 
with the property that : Ai] = p, GAi ^ s a normal subgroup of Ga 1+1 , andp does not divide 
the order of GjG Am . 
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Proof. Clearly (2) implies (3). It suffices to show that (3) implies (1) and (1) implies (2). 

To see that (3) implies (1) it is enough to show that each Sylow subgroup of G is normal. To 
this end, let p be a prime factor of #G and let {a} = Aq C . . . C A m = Ep be a maximal chain of 
G-blocks having the properties mentioned in (3). 

Firstly, since G{Ai + \/Ai) is the largest normal subgroup of that is contained in G ^ 

(part 1 of Lemma 1), (3) implies that G^ = G (Z\j+i/Z\j). Furthermore it follows from Lemma 1 
that there is a positive integer Zj for each i such that the quotient group 

G A i+1 j G Ai ig embeddable 

in an Zj-fold product of copies of qt^— TTZTl = Ga^/Ga^- Since [G^\ i+1 : G^J = p it follows that 

G Ai+1 j G Ai is a p-group for each i. As #G Am = II^o 1 ^* 1 : ° A % ° Am is also a P-group. Since 
G Am < G and p does not divide [G : G Am ] it follows that G Am is a normal p-Sylow subgroup of G. 
The nilpotence of G follows as this holds for all prime factors of #G. 

Next, we show that (1) implies (2). Suppose G is nilpotent. Let p be a prime factor of #G and 
a £ Q. In the rest of this proof let H denote the p-Sylow subgroup G p . Let H denote the product 
Ylq^p G q of all other Sylow subgroups of G. Then G = H x H. Recall that Ep is the //-orbit of a 
and is therefore a block of G. 

Claim. Each A C Ep is a G-block if and only if it is an //-block (in its transitive action on Ep). 
For the proof, note that any G-block A C Ep is an //-block. To prove the converse consider 

any //-block E C Ep. Consider the group G' = H% x (Hr\G a ). Firstly notice that the group G' is 
a subgroup of Ge<x. Also since G a is nilpotent, we have G a = H a x (H n G a ). Furthermore since 
E is a //-block, we have Hs > // a . Therefore G' > G Q and by the Galois correspondence of blocks 
(Theorem 5), E = a G is a G-block and G^ = G' . This proves our claim. 

The above claim implies that any maximal chain of G-blocks is a maximal chain of //-blocks 
and vice-versa. Consider any maximal chain of G-blocks 

{ a } = A cA 1 C...cA rn = Ep*. 

By Lemma 5 we have [Ai + \ : Aj\ = p, < H^ i+1 , and H^ i+1 / H/\ t is cyclic of order p. Now, 
GAi = Ha x x and G^ i+1 = H^ i+1 x H^ i+1 ■ Notice that Z/^ is the product of g-Sylow subgroups 
of Ha { where q varies over all prime factors of #G different from p. But since Ai C Ep , we have 
j^Ai = p'* for some b L and hence from part 3 of Lemma 3 it follows that = H a . Therefore 
GAi < and quotient group Ga 1+ JG Ai = Ha 1+ JH Ai 

The following lemma is crucial for the nilpotence testing algorithm. If G is nilpotent then, for 
each prime factor p of #G, the lemma implies that no matter how the maximal chain of blocks Ai 
of Theorem 6 is constructed, it must terminate in Ep. 

Lemma 6. Let G be a transitive nilpotent permutation group on Q. Let p be any prime dividing 
#G. Let A be any G-block such that #A = p l for some integer I > 0. Let m be the highest power 
of p that divides #f2. If I < m then we have 

1. There exists a G-block E such that A is a maximal G-subblock of E and [E : A] = p. 

2. For all G-blocks E such that A is a maximal G-subblock of E and [E : A] = p, Ga is a normal 
subgroup ofGz. 

Proof. Since jfA is p l it follows that A is a G-subblock of Ep (Lemma 3). Also, A is a G p -block on 
the transitive action of G p on Ep (as argued in the proof of part (3) of Theorem 6). If I < m there 
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is a Gp-block E such that E^ D E D A and [E : A] = p. It follows that E is a G-block contained 
in Ep. This proves part 1. 

Let a & A. It follows from Lemma 3 that for q / p the g-Sylow subgroup of Gjj and Ga 
are both G q n G a . Let G p be W q ^ p G q . The groups Gs and G^\ are (G p n Gjf) x (G p n G a ) and 
(G p n G/\) x {G p n G a ) respectively. Moreover, G p n Gj; and G p Pi G^ are p-groups with index 
[G p n Gs : Gp n G/v] = [G s : G A ] = [E : A] = p. Therefore, G p n G A is normal in G p DG s . Thus, 
G A = (G p n G A ) x (G p n G a ) is normal in G E = (G p n G^) x (G p n G a ) and = is 
isomorphic to 7L p . 

3.1 The nilpotence test 

Given /(X) G Q[X] our goal is to test if Gal (/) is nilpotent. We can assume that f(X) is irreducible. 
For, otherwise we can compute the irreducible factors of f(X) over Q using the LLL algorithm, 
and perform the nilpotence test on each distinct irreducible factor. This suffices because nilpotent 
groups are closed under products and subgroups. Let G be Gal(/). We consider G as a subgroup 
of Sym (17), where Q is the set of roots of f(X). Since / is irreducible, G is transitive on Q. 

For any G-block Z\, let Qa be the fixed field of the splitting field Qf under the automorphisms 
of Ga- Let A be a G-block containing a. Since Ga > G a , Qa is a subfield of Q{ a } = Q(a). 

We describe the main idea. By Theorem 6, G is nilpotent if and only if for all primes p that 
divide the order of G, there is a maximal chain of G-blocks {a} = Aq C . . . C A m satisfying 
conditions of part (3) of Theorem 6. We show these conditions can be verified in polynomial time 
once the tower of fields Q(a) = Qa D . . . D Qzi m are known. Thus, for testing nilpotence of G we 
will first need a polynomial-time algorithm that computes Q^. We describe this in the following 
theorem. 

Theorem 7 (Proof in Appendix). Let f(X) £ Q[X] be irreducible, G = Gal (/) be its Galois 
group and Q be the set of roots of f. Let A C Q be any G-block and a G A. There is an algorithm 
that given a primitive polynomial ha(X) G Q[X] of Qa, runs in time polynomial in size (/) and 
size (ha) and computes a primitive polynomial /j,e(X) G Q[X] ofQx; for all G-blocks E such that A 
is a maximal block of E. Moreover size (jis) is at most a polynomial in size (/) and is independent 
of size (n A ). 

Algorithm 1 describes the nilpotence test. 

We prove that Algorithm 1 runs in polynomial time. For the steps 1 and 5 note that for 
polynomials / with solvable Galois groups, as a byproduct of the Landau-Miller test [4], the prime 
factors of #Gal (/) can be found in polynomial time (see also Theorem 11). We explain how step 3 
can be done in polynomial time using Theorem 7. We construct inductively starting with 
Qa q = Q((x). Assume we have computed Q^. Using Theorem 7 we compute Qs for each G-block 
E containing Z\« as a maximal G-subblock. Among them choose a Qjj for which [E : Z\j] = p and 
let QA i+ i be Qjj. The inductive construction of Qz\ i+1 from Qa { can be done in time bounded by 
a polynomial in size (/). Putting it together we have the following proposition. 

Proposition 1. Algorithm 1 runs in time polynomial in size(/). 

We now argue its correctness. Part (1) of Theorem 6 implies that if G is nilpotent then Algo- 
rithm 1 accepts. Conversely, suppose the algorithm accepts. Then for each prime p dividing #G 
we have a maximal chain of G-blocks {a} = Aq C . . . C A m such that QAi/QA i+1 are normal 
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Input: A polynomial f(X) £ Q[X] of degree n 

Output: "Accept" if Gal (/) is nilpotent; "Reject" otherwise 

Verify that f{X) is solvable; 

1 Compute the set P of all the prime factors of #Gal (/); 

Let G < Sym (Q) denote the Galois group of /, where fi is the set of roots of /. 

2 for every p £ P do 

if p does not divide n then 
print Reject 

end 

Let m be the highest power of p dividing n. 

3 Attempt to compute the tower QA m C . . . C Qa for a maximal chain of G-blocks {a} = Ao C . . . C A m 
such that [Qa 4+1 : <QU 4 ] = p. 

4 if Step 5 /aiZs or Qzi i+i is not normal over Qa ; then 

print Reject 

end 

Let pzi m (X) be the primitive polynomial for QA m 

5 if p divides #Gal (fiA m ) then 

print Reject 

end 

end 

print Accept 

Algorithm 1: Nilpotence test 

extensions for each < i < m (this we verify in step 4 of Algorithm 1). Recall that Q^\ i is the fixed 
field of Q/ w.r.t. Ga { - Hence by checking QAi/QA i+1 is a normal extension we have verified that 
G^i < Ga i+1 . Also, the splitting field of the primitive polynomial HA m (X) is the normal closure of 
Qzi m over Q. It follows from Lemma 1 and Theorem 1 that Gal (fiA m ) is G Am . Hence, by checking p 
does not divide #Gal (ha) we have verified that p does not divide j^GjG Am . Thus, we have verified 
that the maximal chain of G-blocks {a} = Aq C . . . C A m satisfies the conditions of Part(3) of 
Theorem 6 implying that G is nilpotent. Putting it all together we have the following theorem. 

Theorem 8. There is a polynomial-time algorithm that takes f G Q[X] as input and tests i/Gal (/) 
is nilpotent. 

4 Generalizing the Landau-Miller solvability test 

In this section we show that the Landau-Miller solvability test can be adapted to test if the Galois 
group of f(X) G Q[X] is in for constant d. Note that for d < 5, is the class of solvable 
groups and hence our result is a generalization of the result of Landau-Miller [4] . We first recall a 
well-known bound on the size of primitive permutation groups in i^. 

Theorem 9 ([1]). Let G < S n be a primitive permutation group in for a constant d. Then 
#G < n°W. 

Theorem 10. For constant d > 0, there is an algorithm that takes as input f(X) G Q[X] and in 
time polynomial in size (/) and decides whether Gal (/) is in T^. 

Proof. We sketch the proof. Assume without loss of generality that f(X) is irreducible. Let G = 
Gal (/) as a subgroup of Sym (.!?), where I? is the set of roots of /. Let {a} = Aq C . . . C At = Q 
be any maximal chain of G-blocks. The series {1} = G A " < ... < G At = G gives a normal series 
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for G. By closure properties of i^, G G iff G i~d for each i If G is in so are G^\ i+1 and 

G a ^ 1 

G (Z\j + i/Aj) and hence their quotient g(^ +1 /^ ) • On the other hand since ^37- is isomorphic to 
a subgroup of ( g(A+i/^) ) ^ or some 

Z (Lemma 1), G r d if g( aW^) € r d . Hence G G T d 

G a 

iff g(z\- + ']7zA ) ^ s m ^ ^ or eacn * • We give a polynomial-time algorithm to verify the above fact for 
some maximal chain of G-blocks {a} = Aq C . . . C A t = Q. 

First, by Theorem 7we compute Ki = Q^. for a maximal chain of G-blocks {a} = A C . . . C 
At = fl. Let Li be the fixed field of Q/ with respect to the automorphisms of G (Z\j + i/Z\j) then 
Lj + i is the normal closure of -fQ over -fQ+i. This follows because G (Z\j + i/Z\j) is the largest proper 

normal subgroup of G^ i+1 = Gal (Q//Qzi i+1 ). Hence Gal (Lj + i/ifj + i) is g(A^'iM ) ' an< ^ ^ suffices 
to check that each Gal {Li/ Ki) is in r d . 

The group G (Xt-'i7^) ac * s f ai thfully and primitively on Q' = B(Ai + \/Ai), by Lemma 1 and 
since Z\j is a maximal subblock of A+i- If G G then [Lj+i : ^Q+i] = #Gal (Lj+i/IQ+i) < 
n O(d) an( j d e g ree s [X^ : Q] are all less than n°( d \ We can use Theorem 2 to compute Gal (Li/ Ki) 
as a multiplication table in time polynomial in size (/) and n d for each i. We then verify that 
Gal (Li/Ki) G Id by computing a composition series for it and checking that each composition 
factor is in r d . At any stage in the computation of Gal (Li/Ki) if the sizes of the fields becomes too 
large, i.e. larger than the bound of Theorem 9 we abort the computation and decide that Gal (/) 
is not in i - ^. Clearly, these steps can be done in polynomial time. 

It follows from the proof of Theorem 10 that a prime p divides #Gal (/) if and only if it divides 
[Li : Ki] for some 1 < i < t. Hence we have the following theorem. 

Theorem 11. Given f(X) G Q[X] with Galois group in r d there is an algorithm running in time 
polynomial in size (/) and n d that computes all the prime factors of #Gal (/). 
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A Appendix: Proof of Theorem 7 



Let f(X) be an irreducible polynomial and let G be its Galois group thought of as permutation 
group over J?, the set of roots of f{X). For a G-block A let T A (X) be the polynomial defined by 

T A (X)=H(X-r l ). 

r/eA 

Note that if A 3 a then T A (X) £ Q(a)[X] and the field Q(S , ...,S r ) = Qa- Hence computing Q A 
reduces to computing Ta- 

Lemma 7. Let A be a G-block containing a. The irreducible factor of f over Qa which has a as 
root is Ta- Let £ be any G-block such that £ D A. If g is an irreducible factor of f over Qa then 
£ contains a root of g if and only if it contains all the roots of g. 

Proof. Let g be an irreducible factor of f(X) over Q^. The roots of g forms a G^-orbit of Q. 
Conversely for any G^-orbit Q' the polynomial Y\(X ~~ r i)i V varies over is an irreducible factor 
of f(X) over Qa- Hence the irreducible factor that contains a as root is Ta- 

For a G-block £ containing A we have Gs > Ga- Hence for any irreducible factor g(X) of 
f(X) over Q A two roots r/i and 772 of g(X) are in the same G^ orbit. Hence 771 £ £ if and only if 
7/2 G Gjj as £ is the Gi;-orbit a Gs . 

Let A be a G-block containing a and assume that we know Qa- Assume that / factors as 
go . . . g r over Q^. One of these factors say go is Ta- Consider any G-block £ such that A is a 
maximal G-subblock of £. There is a factor gi such that £ contains a root (hence all the roots 
by Lemma 7) gi- Let £{ be the smallest G-block containing A and all the roots of gi- We give a 
polynomial time algorithm to compute T% i . Theorem 7 then follows from this algorithm. 

Lemma 8. Let A be a G-block containing a. Given the field Qa as a subfield of Q(a) and an 
irreducible factor g of f overQA we can compute in polynomial timeTz as a polynomial inQ(a)[Y], 
where £ is the smallest G-block containing A and the roots of g. 

Proof. We are given as a subfield of Q(a). We compute a primitive element 77 of as a 
polynomial in a. The coefficients of factors of / over Qa are polynomials in 77. Let the factorisation 
of / over Qa be / = go . . . g r , where go = Ta and g = g±. Denote the set of roots of gi by for 
each i. Then ^j's are the orbits of Ga and by Lemma 7, the polynomial T57 is precisely the product 
of gi such that <L>, L C £. 

Let P denote a root of g(X), and a € Gal (Q//Q) be an automorphism such that a maps a to (3. 
Notice that a is an isomorphism between the fields Q(a) and Q(/3). Let £ be the smallest G-block 
containing A and #1. From Theorem 5 and the Galois correspondence of blocks (Theorem 5) we 
know that Ge is generated by Ga U {cr}. We can find these orbits by the following transitive closure 
kind of procedure (its correctness follows directly from Lemma 7) . 

Our goal is to get a polynomial-time algorithm for computing Tj] from the above procedure 
that defines £. First, we compute the extension field Q(a,(3) = Q(7): we do this by first factoring 
/ over Q(a). Let h be an irreducible factor of g over Q(a). Then Q(a,/3) = Q(a)[X]/h(X). As 
[Q(a, (3) : Q] < n 2 , we can compute a primitive element 7 in polynomial time. Furthermore, in 
polynomial time we will find polynomials 77 and ?~2 such that a = 77(7) and (3 = 7"2 (7). 
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Let S := 

while new orbits get added to S do 
Compute T := {<£ CT | <2> £ 5} 

if n ^ CT / /or some G T then include ^ in S 

end 

Output \j{<P\<PeS} 

Algorithm 2: Computing Z 1 

Let a map the polynomials go, . . . ,g r in Q(a)[X] to the polynomials <7q, . . . ,g° in K(f3)[X], 
obtained by symbolically replacing a by (5 in each coefficient of the polynomials {gi : < i < r}'s. 

In Algorithm 2, testing if #j n <Pf 7^ amounts to finding if gcd(gj,gf) is nontrivial. To make 
this gcd computation possible, we must express gj and gi over if (7), which we do by replacing a 
by ^1(7) and (3 by r2(7). We can now give the algorithm for computing T%. 

Let S :— {TA,5}while new factors get included in S do 
Compute S' := {gf \g>eS}U {T° A } 
for each factor gj do 

if gcd(gj,h') is nontrivial for some b! G S' then include gj in S 

end 

/* Notice that the gcd computation is done by */ /* expressing gj and h' over K(-y) */ 

end 

Outputs :=T A -U gieS 9i 

Algorithm 3: Computing Tjj 

It is clear that Algorithm 3 is polynomial-time bounded. The preceding discussion and the 
procedure for defining U imply that the algorithm correctly computes T57. 
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